GDPR: How to build and maintain a data governance system

While data mapping and inventory, and establishing a lawful basis for processing, are logically the first two steps on the road to GDPR compliance, these activities require coordination among many people throughout the organization to be performed by at least one person who is both knowledgeable about the GDPR and capable of project management. Whether that person’s title is DPO or not will depend on additional analysis of the relevant GDPR provisions.